Date: Wed, 10 Sep 1997 14:38:26 -0700 From: "Pedro Giffuni S," <pgiffuni@fps.biblos.unal.edu.co> To: Andreas Klemm <andreas@klemm.gtn.com> Cc: Mark Murray <mark@grondar.za>, ports@freebsd.org Subject: Re: Major bogon in tcp_wrappers port. Message-ID: <34171352.2B7@fps.biblos.unal.edu.co> References: <199708051816.UAA15581@greenpeace.grondar.za> <19970910075018.17557@klemm.gtn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andreas Klemm wrote: > > > You're right, I'd vote for it as well. FWIW, I don't like it..not everyone needs this protection. Some of us have firewalls or use FreeBSD only for PPP some times a day. > On the other hand ... how much overhead does it bring ? > Every time when an inetd related service is being started, > the (of course small) tcpd program has to be executed. > Correct, it seems like xinetd doesn't have this problem, but I haven't used it. > Does it have to read and interpret sample /etc/hosts.allow > and /etc/hosts.deny files, that might/should/could be created > in /etc ? > If these don't exist, or are commented, nothing happens. Also .allow has priority over .deny . > And ... which inetd related server programs do we want to > protect, only some or all ? > IMO the only service that MUST have this control is SMTP (I run it in inetd). I usually restrict access to the mailer from unknown hosts, which is also a sane measure against spammers. My two cents. Pedro.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34171352.2B7>